× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. JAVA400-L
  3. November 2007

RE: Private CA 'jssecacerts' file location?

Hi, David --

If you change those values from IBMISeriesX509 to IBMX509, I think you'll
find that you can use the IFS keystore and truststore. Java should look for
a jssecacerts file or, if it can't find that a cacerts file. You can also
specify the names of the keystore and truststore files via system properties
if you don't want to use jssecacerts or cacerts as the file name but I'd
recommend sticking with the default.

BTW, what JVM are you using?

I'll try to load a CA cert in .der file form into a DCM, if I can find one
that I can use.

Gary

-----Original Message-----
From: java400-l-bounces@xxxxxxxxxxxx [mailto:java400-l-
bounces@xxxxxxxxxxxx] On Behalf Of David Gibbs
Sent: Thursday, November 08, 2007 7:39 AM
To: Java Programming on and around the iSeries / AS400
Subject: Re: Private CA 'jssecacerts' file location?

Gary L Peskin wrote:
If I remember correctly, the iSeries JRE uses DCM for the
certificates by
default. You can create a private certificate store with DCM.

What are the values for

ssl.KeyManagerFactory.algorithm
ssl.TrustManagerFactory.algorithm

in your <jre-home>/lib/security/java.security file?

ssl.KeyManagerFactory.algorithm=IbmISeriesX509
ssl.TrustManagerFactory.algorithm=IbmISeriesX509

I'm going down the DCM route now ... but I can't get my CA cert (.der
file) imported into the trust store.

I keep getting a "Parameter is not valid. Check for previous errors
that
may have caused this" error in the DCM and a problem is logged on
QSYSOPR. The same error happens on both V5R2 & V5R3.

I think I'm going to have to call IBM on this.

Anyone know what kind of certificate the DCM is expecting when
importing
a new CA cert into the *SYSTEM certificate store?

The CA certificate was generated using this command on a Windows system
runing JVM 1.5:
keytool -export -alias <hostname> -keystore data/tls/certificate.p12
-storetype pkcs12 -file certificate.der

Thanks!

david

--
System i ... for when you can't afford to be out of business
--
This is the Java Programming on and around the iSeries / AS400
(JAVA400-L) mailing list
To post a message email: JAVA400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/java400-l
or email: JAVA400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/java400-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.